Broadcom patched five flaws in VMware Aria Operations and Aria Operations for Logs that could lead to privilege escalation and credential theft.
Broadcom addressed the following vulnerabilities in VMware Aria Operations and Aria Operations for Logs:
- CVE-2025-22218 (CVSS score: 8.5) is an information disclosure vulnerability in VMware Aria Operations for Logs. A threat actor with View Only Admin permissions could exploit the issue to read the credentials of a VMware product integrated with VMware Aria Operations for Logs.
- CVE-2025-22219 (CVSS score: 6.8) is a stored cross-site scripting vulnerability. An attacker with non-admin privileges could exploit it to perform arbitrary actions as an admin user.
- CVE-2025-22220 (CVSS score: 4.3) is a privilege escalation vulnerability. A threat actor with network access to the Aria Operations for Logs API could exploit it to perform actions with admin privileges.
- CVE-2025-22221 (CVSS score: 5.2) is a stored cross-site scripting vulnerability. An attacker with admin privileges in VMware Aria Operations for Logs could inject a malicious script, which may execute in a victim’s browser during an Agent Configuration delete action.
- CVE-2025-22222 (CVSS score: 7.7) is an information disclosure vulnerability. A malicious user with non-administrative privileges could exploit this issue to retrieve credentials for an outbound plugin if a valid service credential ID is known.
The above vulnerabilities impact versions 8.x of VMware Aria Operations and VMware Cloud Foundation 5.x and 4.x. VMware Aria Operations version 8.18.3 addresses the issues.
Security researchers from Michelin CERT and Abicom, including Maxime Escourbiac, Yassine Bengana, and Quentin Ebel, detected and reported the vulnerabilities.
Broadcom is not aware of any in-the-wild attacks exploiting any of these issues.
In October 2024, VMware warned customers of the availability of a proof-of-concept (PoC) exploit code for another authentication bypass vulnerability, tracked as CVE-2023-34051, in VMware Aria Operations for Logs (formerly known as vRealize Log Insight).
The vulnerability CVE-2023-34051 (CVSS score 8.1) is an authentication bypass vulnerability in VMware Aria Operations for Logs.
“An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution,” reads the advisory published by the virtualization giant.
“Updated VMSA to note that VMware has confirmed that exploit code for CVE-2023-34051 has been published.”
The vulnerability was discovered by cybersecurity firm Horizon3, which published a technical analysis of the flaw.